Solved

Need to resolve to host name instead of IP address

Posted on 2009-04-07
18
444 Views
Last Modified: 2012-05-06
I have an application that is used by my employees outside of the office network.  The employees VPN into the network and exchange information with the server from any available internet connection.  As it sits the server will send the proper information back to the outside systems only if the application is set to send information using the current IP address obtained from the server via the VPN.  As this IP changes constantly I would like the server to be able to send the information back to the outside systems using their host name but I am unsure of how to set that up.  Any help would be greatly appreciated.    
0
Comment
Question by:nciman
  • 9
  • 7
18 Comments
 
LVL 5

Expert Comment

by:Mechanic_Kharkov
ID: 24090005
#1
E.g. OpenVPN has an option to set static vpn IP for users with their names. Their common names are taken from their SSL sertificates. You just create on server config subfolder ccd, where create for each user it's own file named with it's common name. In this files there is a line with ifconfig-push ROUTE. So each user will gain hi's own static IP wherever he is connected from. Check if Your VPN has such option to assign IP with user name.
Furthermore, if each client will obtain it's own personal VPN IP, You can assign some hostnames directly within HOSTS file.

#2
if Your VPN server is located not at the same machine where Your application islocated, You can group Your remote VPN users to connect to Your application via NAT or some port mapping that will be reset theirs originating IPs and all of them will connect to app with this NAT (gate) IP. So, Your app will see the same IP for all of these users that must resolve the problem.
0
 

Author Comment

by:nciman
ID: 24090111
I very much like the idea of assigning hostnames.  Could you point me in the right direction to make this happen.

Thanks
0
 
LVL 5

Expert Comment

by:Mechanic_Kharkov
ID: 24090148
It depends on Your VPN implementation. Which one do You have?
0
 

Author Comment

by:nciman
ID: 24090178
As far as I know it a standard VPN Tunnel.  Please bear with me.
0
 
LVL 5

Expert Comment

by:Mechanic_Kharkov
ID: 24090272
Ok, some questions to clarify.
it's standard for what kind of OS?
How much clients usually use this VPN? (ten or less, hundreds, etc)
Can they connect simultaneously?
Do they use their own personal SSL certificates, or share the same one?
0
 

Author Comment

by:nciman
ID: 24090349
VPN to Windows Server 2003
No more than 10 clients at a time
All VPN users use the same pre-shared key
All VPN users are connecting using the standard VPN client within Windows Vista
Simultaneous connections are successful
0
 
LVL 5

Expert Comment

by:Mechanic_Kharkov
ID: 24090733
Guess that all Your users have their own unique names when accessing to Your system?
Then it is easy to assign for each his own IP upon his username.

Your VPN must be configure to give IP's to clients not with DHCP, but "From a specified range of addresses".

Then go to User's properties, Dial-in tab, and set appropriate IP for that user.

The last step is to write this IP & Desired hostname pairs to Your hosts file.

(!) Attention!
Before make any changes to Your system, backup Your system state, and talk with admin. All these steps are theoretical, based on it's manual. But I have never setup VPN on 2003 server before.

0
 

Author Comment

by:nciman
ID: 24090983
I have changed the User's properties under the Dial Up tab
I have written to the HOSTS file
When I connect via the VPN from the particular user's system the IP assigned is not the one I am looking for.  I assume that the VPN is not assigning the proper IP and I am not sure of how to make that change.
0
IT, Stop Being Called Into Every Meeting

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

 
LVL 5

Expert Comment

by:Mechanic_Kharkov
ID: 24091062
I don't know how to set up already set up VPN. I used this article, and it tell that VPN can be configured to assign IP's from pre-set range vs DHCP. Maybe Your VPN is set up for automatic IP assigning, and user can't get static IP that You set for he. You need to find the way to configure the way of address assigning. Maybe if You run VPN Setup wizard again, it will alow to change this option. (?)

This picture, for example: http://techrepublic.com.com/i/tr/downloads/home/scott_lowe_images/figf_rras_ip_address_choice.jpg
0
 

Author Comment

by:nciman
ID: 24091103
My VPN is configured on the router not on the Windows Server 2003 machine itself, does that make any difference?
0
 
LVL 5

Expert Comment

by:Mechanic_Kharkov
ID: 24091164
Of course it does the great difference!
It means that You need configure IP assigning on the router, not on the server. And I suspect that this router supports Windows usernames at all.. :-(
There is the best way to use router's documentation to clarify the question.
0
 

Author Comment

by:nciman
ID: 24091364
Maybe it's better to set up the VPN on the server itself instead of using the router.  I am having difficulty finding any resources to assist in the setup of Windows usernames on the router VPN.
0
 
LVL 5

Expert Comment

by:Mechanic_Kharkov
ID: 24091561
If it's really helpful then why not?
And if You're able to setup IP assigning from some preferred range on the router, then You're still able to simple name this range in Your hosts file. Then VPN clients will have one of named (in hosts) IP from range. The only issue that the same user each time it connects can obtain new IP from range and new hostname.
Another question how the application resolves user domain names when clients connect to it.
I assume that any tcp or udp server use channel that is established by client side, and can communicate with client without knowing anything else about client side. Established connection is usually enough for server to distinct clients. If server wants it can gain remote IP from connection itself. For what it need it's hostname, and how it resolves this name?
0
 
LVL 5

Expert Comment

by:Mechanic_Kharkov
ID: 24091848
Is Your server communicating with its clients like this?
1. client connects to server and leaves it's request, and it's IP (hostname) to get answer to this address;
2. client disconnects;
3. some time later server connects back to client using stored address (IP or Hostname).

Does the main trouble occurs when client reconnects to VPN and changes it's IP between steps 1 & 3, so server cannot reach it with wrong address?
If this scheme is correct, then the only way is strong binding user with it's windows username to under-VPN-internal hostname (IP) regardless of their really IP (obtained from their ISP also can be dynamic).

#3
If users are entered to your windows network each time they connect to VPN, then they must be reachable inside the network with their netbios names. Maybe it's more simple to allow netbios through VPN?
Look related question also
http://www.experts-exchange.com/Software/System_Utilities/Remote_Access/VPN/Q_20128651.html
0
 

Author Comment

by:nciman
ID: 24092080
Current communication is client connects to server via VPN, VPN assigns IP address to client.  Client updates server with information required for business.  Server in turn processes the information received from client and is supposed to return alternate information back to the client.  The only way that the server can send required information back to client is if client software application that sends initial information to server is configured with client IP address obtained from VPN.  I would like the server to be able to send the required information back to the client using the clients hostname instead of said IP.
0
 
LVL 5

Accepted Solution

by:
Mechanic_Kharkov earned 500 total points
ID: 24092512
Netbios naming seems to be the best solution. Any client, whenever it connects to server will have it's unique netbios name regardless of IP, and server could access to client (if it is connected of course).
0

Featured Post

Top 6 Sources for Identifying Threat Actor TTPs

Understanding your enemy is essential. These six sources will help you identify the most popular threat actor tactics, techniques, and procedures (TTPs).

Join & Write a Comment

Suggested Solutions

Overview Often, we set up VPN appliances where the connected clients are on a separate subnet and the company will have alternate internet connections and do not use this particular device as the gateway for certain servers or clients. In this case…
If you have a multi-homed DNS setup in windows, you can have issues with connectivity to the server that hosts the DNS services (or even member servers of your domain if this same DNS server is a DC). This is because windows registers all of its IPs…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

746 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

14 Experts available now in Live!

Get 1:1 Help Now